agentic-ci

v0.2.19 suspicious
6.0
Medium Risk

Tooling for running AI coding agents in CI/CD environments

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits several concerning behaviors including shell command execution and credential handling practices that could potentially be exploited. While not definitively malicious, these indicators warrant caution and further scrutiny.

  • High shell risk due to subprocess calls
  • Potential credential harvesting via environment variable access

Per-check LLM notes

  • Network: Network calls to GitHub and GitLab APIs may be legitimate if the package interacts with these services, but further investigation is needed.
  • Shell: Subprocess calls to curl, podman, openshell-gateway, and openshell suggest potential execution of external commands which could indicate risky behavior such as remote code execution.
  • Obfuscation: The presence of base64 decoding suggests some form of data obfuscation, but it could be legitimate for encrypted data handling.
  • Credentials: The code snippet accessing GITHUB_TOKEN and adding an authorization header may indicate an attempt to harvest credentials, as it is common practice to store tokens in environment variables for API access.
  • Metadata: The author has only one package, which may indicate a new or less active account, but no other red flags are present.

🔬 Heuristic Checks

Outbound Network Calls score 3.0

Found 2 network call pattern(s)

  • n failure. """ resp = requests.post( f"https://api.github.com/app/installations/{install
  • ithub.com``). """ s = requests.Session() s.mount("https://gitlab.com", GitLabHTTPAdapter())

Code Obfuscation score 2.0

Found 1 obfuscation pattern(s)

  • try: return base64.b64decode(text).decode("utf-8") except Exception:

Shell / Subprocess Execution score 10.0

Found 6 shell execution pattern(s)

  • """ try: result = subprocess.run( ["curl", "-sf", f"http://127.0.0.1:{HEALTH_PORT
  • /podman", exist_ok=True) subprocess.Popen( ["podman", "system", "service", "--time=0", f"unix:
  • supervisor_image, } subprocess.Popen( [ "openshell-gateway", "--b
  • ready exists.""" result = subprocess.run( ["openshell", "sandbox", "get", SANDBOX_NAME],
  • gs.extend(["--", "true"]) subprocess.run(args, check=True) def upload(local_path): """Upload a
  • path into the sandbox.""" subprocess.run( ["openshell", "sandbox", "upload", "--no-git-ignore

Credential Harvesting score 2.5

Found 1 credential access pattern(s)

  • {repo_path}") token = os.environ.get("GITHUB_TOKEN") if token: req.add_header("Authorizati

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: redhat.com

Suspicious Page Links

All external links appear legitimate

Git Repository History

Repository opendatahub-io/agentic-ci appears legitimate

Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "Russell Bryant" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with agentic-ci

Create a fully-functional mini-application that integrates the 'agentic-ci' package into a continuous integration (CI) pipeline to enhance code quality and development efficiency. Your application should be able to automatically run AI coding agents during the CI process, providing real-time feedback and suggestions for improvements in the codebase. Here are the steps and features your application should include:

1. **Setup**: Set up a basic CI environment using a tool like GitHub Actions or GitLab CI. Ensure that the 'agentic-ci' package is installed and configured within this environment.
2. **Integration**: Integrate 'agentic-ci' into the CI workflow so that it runs automatically on every push or pull request. The AI coding agent should analyze the code changes and provide feedback.
3. **Feedback Mechanism**: Implement a mechanism where the AI coding agent's feedback is presented in a user-friendly manner, such as through comments in the pull request or via email notifications to contributors.
4. **Customization**: Allow users to customize the behavior of the AI coding agent, such as specifying the types of issues it should look for (e.g., security vulnerabilities, code style inconsistencies).
5. **Performance Metrics**: Track the performance of the AI coding agent over time, including metrics like the number of issues identified and the overall impact on code quality.
6. **Documentation**: Provide comprehensive documentation on how to set up and use the application, including examples and best practices for integrating 'agentic-ci' into existing workflows.

This project aims to showcase the potential of integrating AI-driven tools into standard software development processes, making it easier for developers to write cleaner, more secure, and maintainable code.